Secure passwords are an essential aspect of IT security. A simple or insecure password can lead to a breach of the company’s data.

Here is a template policy that you are free to edit and use to promote password security in your business.

Employee Password Policy Template

All employees and contractors who have access to the company’s systems are responsible for following the steps below to secure their passwords.

  1. Password Creation
    1. All passwords should have the following characteristics:
      1. Contain at least 8 characters
      2. Contain both upper and lower case letters
      3. Contain at least one special character (e.g. !@#$%^&*<>?:")
      4. Contain at least one number (for example, 0-9)
    2. Poor or weak passwords:
      1. Contain fewer than 8 characters
      2. Can be found in the dictionary
      3. Contain personal information such as pets’ or children’s names
      4. Contain common words spelt backwards, or preceded or followed by a number (for example, 1secret)
      5. Are some version of “Welcome123”, “Password123” or “Changeme123”
    3. Users should not use the same passwords for <Company Name> accounts as for non-<Company Name> access.
  2. Password Change
    1. All user and system passwords should be changed at least every 3 months.
  3. Password Protection
    1. Passwords should be memorable to users, because passwords should never be written down.
    2. Passwords should not be shared with anyone. They should be treated as confidential data of <Company Name>.
    3. Do not use the “Remember Password” function of applications (for example, a web browser).
    4. Any user who suspects their password may be compromised should report the incident and change all passwords.
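
The Password Creation rules in section 1 can be checked automatically when a password is set. The following is an added example, not part of the template: the function name, the sample word list and the definition of "special character" are assumptions, and the sample passwords are constructed.

```python
import re

# Constructed sample word list. Assumption: a real deployment would load a full
# dictionary file instead; the template does not name one.
SAMPLE_WORDS = {"secret", "welcome", "password", "changeme", "dragon", "monkey"}
DEFAULT_STEMS = ("welcome", "password", "changeme")  # from item 1.2.5

def policy_violations(password, personal_terms=(), words=SAMPLE_WORDS):
    """Return the list of rules the password breaks; empty means compliant."""
    found = []
    # 1.1 required characteristics
    if len(password) < 8:
        found.append("too short")
    if not (re.search(r"[a-z]", password) and re.search(r"[A-Z]", password)):
        found.append("missing upper or lower case")
    # Assumption: any non-alphanumeric, non-space character counts as special.
    if not re.search(r"[^A-Za-z0-9\s]", password):
        found.append("missing special character")
    if not re.search(r"[0-9]", password):
        found.append("missing number")
    # 1.2 weak patterns, compared case-insensitively
    lowered = password.lower()
    # Strip digits and symbols from both ends so "1secret" and "Welcome123!"
    # reduce to their underlying word.
    core = re.sub(r"^[^a-z]+|[^a-z]+$", "", lowered)
    if core in words:
        found.append("dictionary word")
    elif core[::-1] in words:
        found.append("dictionary word backwards")
    if any(stem in lowered for stem in DEFAULT_STEMS):
        found.append("common default password")
    if any(t and t.lower() in lowered for t in personal_terms):
        found.append("personal information")
    return found

if __name__ == "__main__":
    # Constructed sample passwords, not real credentials.
    for pw, terms in [("Tr4il-Mix&Oak", []), ("1secret", []),
                      ("Welcome123!", []), ("Terces#2024", []),
                      ("Rex!Rex!2020", ["Rex"])]:
        print(f"{pw!r}: {policy_violations(pw, terms) or 'compliant'}")
```

"Welcome123!" meets every characteristic in 1.1 yet still fails 1.2, which is why both lists need to be checked.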

